Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Getting To Yes: Negotiating Technology Innovation & Security Risk
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
Social Engineering & Black Hat: Do As I Do Not As I Say
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
3 Simple Steps For Minimizing Ransomware Exposure
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
What Do You Mean My Security Tools Don’t Work on APIs?!!
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Why China Wants Your Sensitive Data
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
The Dark Web: An Untapped Source For Threat Intelligence
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
What You Probably Missed In Verizon's Latest DBIR
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Security Surveys: Read With Caution
I’m skeptical of industry surveys that tell security practitioners what they already know. Don’t state the obvious. Tell us the way forward.
9 Questions For A Healthy Application Security Program
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
Cybersecurity Advice From A Former White House CIO
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
Time to Focus on Data Integrity
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
Is Your Security Operation Hooked On Malware?
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
Lessons Learned From The Ramnit Botnet Takedown
While most organizations won’t find themselves in similar circumstances, there are important takeaways they can apply to any security program.
Survival Tips For The Security Skills Shortage
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretch security layers to the brink.
Firewalls Sustain Foundation of Sound Security
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
Why the Firewall is Increasingly Irrelevant
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
Security Metrics: It’s All Relative
What a haircut taught me about communicating the value of security to executives and non-security professionals.
7 Critical Criteria for Data Encryption In The Cloud
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
Long Cons: The Next Age of Cyber Attacks
When hackers know that a big payday is coming they don’t mind waiting for months for the best moment to strike.
How The Hacker Economy Impacts Your Network & The Cloud
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
Help Wanted: Security Heroes & Heroines Only Need Apply
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
Shaping A Better Future For Software Security
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here’s a recap of what you missed.
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
